Palm pre

Joey Hess has been taking apart the Palm Pre packet codes and has found that apparently the Palm Pre reports your private data back to their home office. I’m no coder, but it looks like the Pre reports the following pieces of data at least once a day back to Palm. Your location, the apps you use, apps that have crashed and what you have recently installed. Apparently this is done through the location services via the GPS information. I admit I find this creepy and intrusive. If this is what Palm is up to, they must stop. What is even worse, apparently Palm users have also agreed to this through their Orwellien Terms of Service agreement. Matthew Miller over at ZDnet has torn through the TOS and found some interesting tidbits:

You agree that Palm and its subsidiaries, affiliates, partners, suppliers, and agents (collectively, Affiliates) may collect, store, access, disclose, transmit, process, and otherwise use your Registration Data, account or Device information, content, and technical data for Palm and its Affiliates to provide you with the Services, address your requests, provide technical support, process any transactions for your account, and otherwise in accordance with Palm’s privacy policy. Palm may also provide or enable certain Services through your Device that rely upon location information. In order to provide such Services, Palm and its Affiliates may collect, store, access, disclose, transmit, process, and otherwise use your location data (including real time geographic information) in accordance with Palm’s privacy policy. You also agree that Palm has the right, without liability to you, to disclose any information, including but not limited to your Registration Data and other information, to law enforcement authorities or government officials, to the extent Palm believes is reasonably necessary or appropriate.

So, on the one hand I get that Palm needs to collect data about the services they are providing in order to make sure the phone is actually working and to make the “user experience” better. However, this seems a bit beyond the pale. It’s also not clear how far Palm can take this data and with whom they might share it with. That is what really makes me nervous about cell phones and cloud computing, you just don’t know who’s out there with access to your data and personal information.

The good news is that Palm has responded to this outrage and released the following statment:

“Palm takes privacy very seriously, and offers users ways to turn data collecting services on and off. Our privacy policy is like many policies in the industry and includes very detailed language about potential scenarios in which we might use a customer’s information, all toward a goal of offering a great user experience. For instance, when location based services are used, we collect their information to give them relevant local results in Google Maps. We appreciate the trust that users give us with their information, and have no intention to violate that trust.”

I believe Palm when they say they will not violate their trust, but there are other’s not so trustworthy out there. In fact, (being a lawyer I can speak to this somewhat) this is the major problem I have with Internet TOSs. They are often vauge, rambling and much too legalistic. If people realized half the crap they were signing away or agreeing too, they’d never agree to it. Imagine you went to the supermarket and as you checked out the cashier said “Oh, by the way, you have just agreed to let us track all your dietary needs, food purchases and market your information however we see fit”. You’d laugh in their face and probably punch them too. There needs to be a movement towards more simplified language that clearly informs the consumer of their rights and what kinds of information businesses are collecting.

Palm Pre Video

Photo attribution: James Whatley